
A brief introduction to information security - Part I

Tyler Moore

Computer Science & Engineering Department, SMU, Dallas, TX

August 23, 2012

Outline

1 Some definitions
   What is security?
   What is digital information?
   What is information security?

2 Computer systems and networks
   Computer architecture
   Network architecture


Safety vs. Security

Safety

Protects against accidents

Defends against nature

Can be modeled using probability theory with historical data

Security

Protects against intentional malice

Defends against intelligent beings

Must model the strategy of adversaries


Question: If you were in charge of a building’s security, how would preparations differ for a tornado versus a terrorist attack?

Hint: When preparing for a tornado, should you consider whether neighboring buildings have been protected?


What is digital information?

Definition

Digital information: information encoded in discrete numbers

“Hi!” → 0x486921


What are the implications of digital representation of information?

1 Costless to create perfect copies

2 Information can be transmitted anywhere immediately

3 Information can be remembered indefinitely

⇒ Easy to keep detailed record of transactions

4 Digitally encoded information lacks provenance

⇒ Modifications can’t be identified by just looking at the data


What is information security?

Information security is the endeavor to achieve protection goals specific to information. What are those goals?

1 Confidentiality: information is accessible only to authorized parties

2 Integrity: modification of information can be detected

3 Availability: authorized parties can access information (and use resources) when and where it is needed


Confidentiality

(Diagram labels: Broker, Exchange, Eve; message 〈BUY,200,GOOG,$600.25〉)


Confidentiality caveats

Confidentiality does not cover prior knowledge

Breaches of confidentiality cannot be undone

Breaches of confidentiality can be difficult to detect

Question: what characteristics of digital information make protecting confidentiality difficult?


Integrity

(Diagram labels: Broker, Exchange, Mallory; message 〈BUY,200,GOOG,$600.25〉; second value $550.25)


Integrity caveats

Protecting integrity ⇏ correcting modifications

Integrity simply ensures that information hasn’t been altered

Integrity makes no claim of absolute correctness

Question: what characteristics of digital information make protecting integrity difficult?
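
Integrity as detection, applied to the broker order from the diagram, as an added example (not from the original slides). It assumes the $550.25 in the diagram is the price after Mallory's change; HMAC-SHA256 with a pre-shared key is this example's choice of mechanism, contrasted with an unkeyed checksum that only guards against accidents.

```python
import hashlib
import hmac

# Constructed demo key; the slides name no key or algorithm. HMAC-SHA256 is
# this example's choice of integrity mechanism.
SHARED_KEY = b"demo-key-known-only-to-broker-and-exchange"

ORDER = b"BUY,200,GOOG,$600.25"    # the order from the slide, as bytes
ALTERED = b"BUY,200,GOOG,$550.25"  # assumed: the order after the change


def checksum(message):
    """Unkeyed SHA-256: catches accidents, but anyone can recompute it."""
    return hashlib.sha256(message).digest()


def mac(message, key=SHARED_KEY):
    """Keyed HMAC-SHA256: only holders of the key can produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).digest()


def exchange_accepts(message, tag, tag_fn):
    """Exchange side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(tag_fn(message), tag)


def demo():
    return {
        # Honest delivery: both schemes accept the unmodified order.
        "checksum_honest": exchange_accepts(ORDER, checksum(ORDER), checksum),
        "mac_honest": exchange_accepts(ORDER, mac(ORDER), mac),
        # Whoever alters the message can recompute an unkeyed checksum too,
        # so the altered order is accepted.
        "checksum_altered": exchange_accepts(ALTERED, checksum(ALTERED), checksum),
        # Without the key, the old tag or a tag under a guessed key is all an
        # intermediary can attach; the altered order is rejected.
        "mac_altered_old_tag": exchange_accepts(ALTERED, mac(ORDER), mac),
        "mac_altered_guessed_key": exchange_accepts(
            ALTERED, mac(ALTERED, key=b"guessed-key"), mac),
    }


if __name__ == "__main__":
    # Detection only: a rejected order is not repaired. Nothing in ALTERED or
    # its tag tells the exchange that the original price was $600.25.
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```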


Availability

(Diagram labels: Broker, Exchange, Mallory; message 〈BUY,200,GOOG,$600.25〉, shown twice)


Availability caveats

Availability is widely seen to be “harder” to guarantee than confidentiality or integrity

Why? Guarantees must often be made for more than the information

Guarantees of the functionality of other parties may be required


Who are these authorized parties the definitions speak of?

Who is an authorized party?

How are they authorized? By whom?

Parties: human beings controlling computer systems, or programs acting on their behalf

Authorization: decision a principal must take on whether a party is allowed to undertake a task

The authorization decision is the fundamental challenge of security engineering


Identification vs. Authentication vs. Authorization

Identification, authentication and authorization answer different questions

Identification: Who are you?

Authentication: Is it really you?

Authorization: Knowing who you are, are you allowed to do something?

Common mistake: conflating these concepts

Deploying an authentication system does not solve the authorization problem


How computers identify people

In order to authorize a user to access computer resources, systems must figure out who they’re interacting with

Computer systems store (ID, attribute) pairs

Upon encountering a user, the system prompts for the ID and attribute.

IDs should be unique

If the attribute is only known to the user (e.g., a password), it can be used to authenticate the user to the system


Case study: authentication and authorization at ATMs

ATM Bank

Authentication steps

1. Insert card

2. Request matching PIN

3. Enter PIN

Authorization steps

4. How much to withdraw?

5. Request $100

6. Balance≥$100?

7. Approve withdrawal

8. Dispense $100
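
The case study's separation of identification, authentication and authorization, as an added sketch (not from the original slides). The account data, the PBKDF2 PIN storage and the three-attempt lockout are assumptions of this example, not details given in the lecture.

```python
import hashlib
import hmac
import os

MAX_PIN_ATTEMPTS = 3  # assumed lockout policy, not from the slides

def pin_hash(pin, salt):
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class Bank:
    """Stores (ID, attribute) pairs plus balances; all records are constructed."""
    def __init__(self):
        self.accounts = {}

    def enroll(self, card_id, pin, balance):
        salt = os.urandom(16)
        self.accounts[card_id] = {"salt": salt, "pin": pin_hash(pin, salt),
                                  "balance": balance, "failures": 0}

    def authenticate(self, card_id, pin):
        """Identify (look up the claimed ID), then authenticate (check the PIN)."""
        acct = self.accounts.get(card_id)
        if acct is None:
            return "unknown card"
        if acct["failures"] >= MAX_PIN_ATTEMPTS:
            return "card locked"  # bounds how many PIN guesses are possible
        if not hmac.compare_digest(pin_hash(pin, acct["salt"]), acct["pin"]):
            acct["failures"] += 1
            return "wrong PIN"
        acct["failures"] = 0
        return "authenticated"

    def authorize_withdrawal(self, card_id, amount):
        """Authorization: a separate decision made per request (step 6)."""
        acct = self.accounts[card_id]
        if amount <= 0 or acct["balance"] < amount:
            return False
        acct["balance"] -= amount  # step 7: approve and debit
        return True

def atm_session(bank, card_id, pin, amount):
    """Steps 1-8 of the case study; returns what the ATM does."""
    status = bank.authenticate(card_id, pin)            # steps 1-3
    if status != "authenticated":
        return status
    if not bank.authorize_withdrawal(card_id, amount):  # steps 4-7
        return "withdrawal denied"
    return f"dispense ${amount}"                        # step 8

def demo():
    bank = Bank()
    bank.enroll("card-0001", "4921", balance=150)  # constructed account
    tries = [("4921", 100), ("4921", 100), ("0000", 20)]
    return [atm_session(bank, "card-0001", pin, amt) for pin, amt in tries]
```

The second withdrawal in `demo()` is denied even though the PIN is correct: the user is authenticated but the request is not authorized, which is the distinction the slides draw.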


Authentication failure: ATM fails to authenticate user

(Diagram: the ATM/Bank exchange from the case study above, steps 1-8, with Mallory added: “Guess PIN”)


Card skimmers: ATM incorrectly authenticates user

Source: http://krebsonsecurity.com/all-about-skimmers/


Authentication failure: User fails to authenticate ATM

(Diagram: the ATM/Bank exchange from the case study above, steps 1-8, with added labels: ATM, Mallory, Fake ATM)


Fake ATMs: User fails to authenticate ATM

Source: http://www.wired.com/threatlevel/2009/08/malicious-atm-catches-hackers/


Question: how does authentication fail on phishing websites?


Four fundamental ideas of computer architecture

1 Code is data

2 Layers of abstraction

3 Moore’s law

4 Halting problem


The von Neumann computer architecture

The pervasive von Neumann computer architecture does not distinguish between instructions for computer programs and data

Consequently, Code is Data

⇒ Enables great flexibility in reprogramming computers

⇒ Programs can be costlessly reproduced, not just data

There are unfortunate security implications

(Photo: John von Neumann)


The dark side of “Code is Data”

Source: http://www.cl.cam.ac.uk/~rja14/Papers/SE-04.pdf


Layers of abstraction

Abstraction: specifying meaning and behavior of software while hiding implementation details

Modular code exploits abstraction and enables composition and reuse

Abstraction and code modularity enable rapid software development (which has in turn led to a rapid rise in software complexity)

Unlike for mechanical engineering, in software engineering there is no practical limit to the potential combinations of code


Abstraction solves everything?

“All problems in computer science can be solved by another level of indirection.”

David Wheeler


Layered computer architecture

Hardware: Intel x86

Operating system: Microsoft Windows

Libraries: Gecko, NSPR, OJI, . . .

Application: Mozilla Firefox

Active content: Facebook


Layers – good or bad?

+ Abstraction enables greater compatibility since a higher layer only interacts with the next layer

+ Layered approach means that developers can ignore problems already solved at other layers

- Higher layers cannot identify or prevent malfunctions at lower layers

- Vulnerabilities propagate up the stack

- Flaws in a single layer can affect all software developed on top

⇒ Think back to when Windows was riddled with holes

Question: at what layer can a strategic attacker wreak the most havoc at least cost?


Abstraction solves everything?

“All problems in computer science can be solved by another level of indirection”, except security problems.


Moore’s law

Intel founder Gordon Moore noticed in 1965 that integrated circuit density had been doubling since the 1950s

He predicted the trend to continue

Moore’s Law: computer performance roughly doubles every 18 months

Figure from Moore’s original paper speculating on the implications of exponential growth in computing power


The halting problem

In 1936, Alan Turing proved that it is impossible to write a general-purpose program that can determine whether another program will stop

Bear this in mind the next time someone complains that software developers should be able to find and remove all vulnerabilities in their code


The Internet circa 1971

Source: http://personalpages.manchester.ac.uk/staff/m.dodge/cybergeography/atlas/arpanet3.gif


Network architecture

It has long been recognized that there could be value in connecting computers together

Researchers developed protocols that specified how computers could communicate with each other

Networking protocols also leverage abstraction layers


Networking protocol stack

Physical: 802.11n

Data Link: Ethernet

Network: IP

Transport: TCP, UDP

Application: HTTP, SMTP, BGP


Networking protocols

IP protocol
  Each computer has a 32-bit unique address (e.g., 129.119.70.166)
  Any computer should be reachable using its IP address

Transport layer
  TCP: establishes connection between devices before sending traffic
  UDP: connectionless – data is simply transmitted

Application layer
  Many available applications, each operating on a different port
    HTTP (port 80): protocol for web sites (e.g., connecting to 129.119.70.166:80 delivers the SMU home page)
    SMTP (port 25): protocol for sending email
    SSH (port 22): secure remote login to computers
    BGP (port 179): protocol for connecting Internet providers
  Many applications have been developed (e.g., see a list of common port numbers at http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers)


Global routing via BGP

Source: http://www.enisa.europa.eu/activities/Resilience-and-CIIP/networks-and-services-resilience/inter-x/interx/report/interx-report/at_download/fullReport


Important design decisions for networking protocols

Internet protocols incorporated a number of design decisions that impact security

1 IP makes computers globally addressable

2 Packets are delivered on a best-effort basis, making it hard to distinguish malice from bad luck

3 No built-in authentication to protocols, which enables spoofing

4 Design is inherently decentralized, which makes coordination difficult (e.g., to upgrade to a more secure protocol)


Recap

1 Some definitions
   What is security?
   What is digital information?
   What is information security?

2 Computer systems and networks
   Computer architecture
   Network architecture
